This article has been archived. It is offered "as is" and will no longer be updated.
Digest authentication credentials that are used in an application that is based on the Microsoft Windows Internet (WinINet) API may be visible to other applications that are based on the WinINet API that also use Digest authentication. Applications that are based on the WinINet API include the following applications:
Microsoft Internet Explorer
Microsoft Outlook Express
Custom applications that use the WinINet API
For example, you connect to a URL by using Digest authentication in a custom application that is based on the WinINet API. Then, you start Internet Explorer, and you try to connect to the same URL. When you do this, the authentication dialog box that appears already contains the user name and password that you used in the custom application. To connect to the URL, you just click OK. You can save the password for future sessions by using the authentication dialog box.
Note This problem also occurs after you close the custom application if Internet Explorer was running when the custom application connected to the URL.
This problem occurs because Digest authentication credentials are cached across processes. The Digest.dll file implements its own credential cache. This credential cache is shared across processes through a memory-mapped file. The memory-mapped file is destroyed only when all processes that use Digest authentication are closed.
Note Both Internet Explorer and Outlook Express use the Digest.dll file for Digest authentication in the WinINet API.
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
Any process that uses the Digest.dll file for Digest authentication may experience this problem even if the process does not use the WinINet API.
For more information about Digest authentication in the WinINet API, visit the following Microsoft Developer Network (MSDN) Web site: